YES, Mark Tomblin, Head of strategy, TBG London
This issue highlights the fact some marketing folk don't understand that privacy is a principle, not an inconvenience. How the OIX user information is stored is irrelevant - it's how it is acquired in the first place that is the key. This means that OIX has to be an opt-in system. But if it is, that could ruin its business model. This would be bad news for them, but we have to look at the bigger privacy picture here.
YES, Barney Farmer, UK sales director, Nielsen Online
Phorm says its OIX system will not store personal data and that it's impossible to reverse engineer browsing activity to find the person. AOL made similar claims after publishing search terms, which were tracked back to the people who entered them. It's hard to see how Phorm's system is anonymous and works. If it didn't collect personal data, it couldn't personalise ads. Once you have personal data, you have the person too.
NO, Phil Jones, Assistant commissioner, Information Commissioner's Office
We have had discussions with Phorm. It assures us its system does not allow the retention of profiles of sites visited and ads presented, and that it holds no personally identifiable information on users. It is only by allowing its technology to be subject to scrutiny by independent technical experts that it will be able to prove its assertions regarding privacy.
Comments
John K - 29/08/2008
Yes, it is deep cause for concern.
Fortunately the product was mooted by Phorm, which is recorded as having its roots in providing some particularly insidious malware in some of its previous incarnations. Just do a Google searches for items about Phorm, 121Media, Contextplus and Apropos Rootkit.
Two programs distributed by ContextPlus—Apropos and PeopleOnPage—employ what are described as "very advanced rootkit technologies" to evade anti-virus and anti-spyware scanners.
Now consider that the latest tool employs Deep Packet Inspection (DPI), operating at the IPS level. DPI has the ability to lay bare all the information in your http datastream.
All of it.
The only thing we have to rely on that items, which we would rather not have commercial third parties looking at, is the word of Phorm.
Just that.
Only the word of a company born from a reputation of stealthy deployment some of the Internet's most insidious software, which it them hid from detection.
And just how much credence are we now expected to give to this company?
How many of the positive reviews were * truly * objective and truly independent? Don't take my word fo rit. Go and read them. take along someone who really understands Internet traffic and TCP/IP and listen to them.
There are several patient technical analyses out there which dissect the Phorm product and do so without making sweeping generalisations. Phorm does not come out well in these.
Then there was the instance recorded manipulation of a Wikipedia article which was trying to carry an analytical study. Check out The regsiter and the relevant forums.
Finally that good old bastion of british industry BT managed to trial the Phorm tool. It did so without telling the subjects their lines would be tapped. Check out The Register. Check out forums.
Some of these subjects weren't the techical simpletons BT seemed to think typical of their customer base. People noticed their browsing was being intercepted. They asked specific questions of BT. Check out the forums.
BT replied claiming it was nothing to do with them. Check out the forums.
Some victims went as far as spending money to find out what was wrong, given the potential serious implications of what was apparently malware intercepting their datastrream and reporting it God knows where. Check out the forums.
As I said at the start: It is fortunate the product was mooted by Phorm. A company with a more respectable reputation may have succeeded in deploying this, only to have the tool prostituted later by other less scrupulous operators.
Sorty, but everyting I learned about Phorm, Webwise, data pimping, NebuAd and similar products fills me with horror.
No, until the tool CANNOT obtain data we do not wish to share commercially, it is neither desirable nor safe. We cannot rely on word alone - you commercial guys should be aware of that only too well.
Comments
John K - 29/08/2008
Yes, it is deep cause for concern. Fortunately the product was mooted by Phorm, which is recorded as having its roots in providing some particularly insidious malware in some of its previous incarnations. Just do a Google searches for items about Phorm, 121Media, Contextplus and Apropos Rootkit. Two programs distributed by ContextPlus—Apropos and PeopleOnPage—employ what are described as "very advanced rootkit technologies" to evade anti-virus and anti-spyware scanners. Now consider that the latest tool employs Deep Packet Inspection (DPI), operating at the IPS level. DPI has the ability to lay bare all the information in your http datastream. All of it. The only thing we have to rely on that items, which we would rather not have commercial third parties looking at, is the word of Phorm. Just that. Only the word of a company born from a reputation of stealthy deployment some of the Internet's most insidious software, which it them hid from detection. And just how much credence are we now expected to give to this company? How many of the positive reviews were * truly * objective and truly independent? Don't take my word fo rit. Go and read them. take along someone who really understands Internet traffic and TCP/IP and listen to them. There are several patient technical analyses out there which dissect the Phorm product and do so without making sweeping generalisations. Phorm does not come out well in these. Then there was the instance recorded manipulation of a Wikipedia article which was trying to carry an analytical study. Check out The regsiter and the relevant forums. Finally that good old bastion of british industry BT managed to trial the Phorm tool. It did so without telling the subjects their lines would be tapped. Check out The Register. Check out forums. Some of these subjects weren't the techical simpletons BT seemed to think typical of their customer base. People noticed their browsing was being intercepted. They asked specific questions of BT. Check out the forums. BT replied claiming it was nothing to do with them. Check out the forums. Some victims went as far as spending money to find out what was wrong, given the potential serious implications of what was apparently malware intercepting their datastrream and reporting it God knows where. Check out the forums. As I said at the start: It is fortunate the product was mooted by Phorm. A company with a more respectable reputation may have succeeded in deploying this, only to have the tool prostituted later by other less scrupulous operators. Sorty, but everyting I learned about Phorm, Webwise, data pimping, NebuAd and similar products fills me with horror. No, until the tool CANNOT obtain data we do not wish to share commercially, it is neither desirable nor safe. We cannot rely on word alone - you commercial guys should be aware of that only too well.